
Hi, I want to give Domain Users full access to a folder with PowerShell. I am working with this set of code gleaned from research using Technet and blogs. I am still having issues.

I am getting this error when I run the code just below:

Exception calling "SetAccessRule" with "1" argument(s): "Some or all identity references could not be translated."
At line:13 char:1
+ $acl.SetAccessRule($accessRule)
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [], MethodInvocationException
    + FullyQualifiedErrorId : IdentityNotMappedException

Here is my code:

$directory = "C:\inetpub\wwwroot\app.webservice"
$domainName = (gwmi Win32_NTDomain).DomainName
$group = 'Domain Users'
$inherit = [system.security.accesscontrol.InheritanceFlags]"ContainerInherit, ObjectInherit"
$propagation = [system.security.accesscontrol.PropagationFlags]"None"
$acl = (Get-Item $directory).GetAccessControl("Access")
$user = "{0}\{1}" -f "$domainName", $group
$user.trim()
$access = "FullControl"
$accessType = "Allow"
$accessRule = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList @("$user","$access", "$inherit", "$propagation", "$accessType")
$acl.SetAccessRule($accessRule)
set-acl $directory $acl 

I have tried replacing the $user variable with "domain\Domain Users" and the code works as expected. I have been unable to figure out how to pass the $user variable correctly so that the user parameter can be passed and not hard coded.

Thanks

1 Answer

Check the value of your DomainName variable. If I run the same code here I get not only the domain I am running on but also all trusted domains as an array. This means the $user variable contains something like MyDomain OtherDomain\Domain Users.

I recommend declaring the domain as $domainName = "MyDomain" if possible. If you do need to dynamically get the domain, you'll need to test for an array:

$domainName = (gwmi Win32_NTDomain).DomainName
if ($domainName -is [array]) { $domainName = $domainName[0] }

NOTE: My domain is alphabetically first so I don't know if the current domain is displayed first or if they are simply displayed alphabetically. You'll need to test and find a solution that works for you.

EDIT: Looks like $domainName = $env:USERDOMAIN might do the trick


2 Comments

I would definitely go for $env:USERDOMAIN (user) or (gwmi Win32_ComputerSystem).Domain (machine) instead of Win32_NTDomain
Thank you Deadly-Bagel. This code works for something I, too, need.
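
The following is an added example, not code from the question, the answer or the comments. It resolves the group to a SID before building the rule, so a malformed identity such as the multi-domain string described in the answer fails with a clear message before the ACL is touched. The function name `Grant-DomainGroupAccess` is hypothetical, and it assumes Windows PowerShell on a domain-joined machine whose `Win32_ComputerSystem.Domain` value resolves as an account domain.

```powershell
# Added example: hypothetical helper, not from the original posts.
function Grant-DomainGroupAccess {
    param(
        [Parameter(Mandatory)] [string] $Path,
        [Parameter(Mandatory)] [string] $Group,
        [System.Security.AccessControl.FileSystemRights] $Rights = 'FullControl'
    )

    # Win32_ComputerSystem.Domain is a single string (the machine's domain),
    # unlike Win32_NTDomain, which the answer reports can list trusted domains too.
    $cs = Get-WmiObject Win32_ComputerSystem
    if (-not $cs.PartOfDomain) {
        throw "This computer is not joined to a domain."
    }

    # Build the identity from separate domain and account parts (no string formatting).
    $account = New-Object System.Security.Principal.NTAccount($cs.Domain, $Group)

    # Translate to a SID first: an unresolvable name fails here, not in SetAccessRule.
    try {
        $sid = $account.Translate([System.Security.Principal.SecurityIdentifier])
    }
    catch [System.Security.Principal.IdentityNotMappedException] {
        throw "Cannot resolve '$($account.Value)'. Check the domain and group name."
    }

    # Typed enum values instead of strings, so a typo is rejected at conversion time.
    $inherit     = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $propagation = [System.Security.AccessControl.PropagationFlags]::None
    $type        = [System.Security.AccessControl.AccessControlType]::Allow
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
        $sid, $Rights, $inherit, $propagation, $type)

    # Same read/modify/write sequence as the question's code.
    $acl = (Get-Item -LiteralPath $Path).GetAccessControl('Access')
    $acl.SetAccessRule($rule)
    Set-Acl -LiteralPath $Path -AclObject $acl

    # Return what was granted so the caller can log or verify it.
    [pscustomobject]@{ Path = $Path; Account = $account.Value; Sid = $sid.Value; Rights = $Rights }
}

# Usage with the folder from the question:
# Grant-DomainGroupAccess -Path 'C:\inetpub\wwwroot\app.webservice' -Group 'Domain Users'
```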
